I’ve been recently configuring SSO and LDAP for my grafana platform.
But i’m in a case where i don’t have any answer to the problem i got.
I configured in a first time the LDAP and it is working properly.
If i logged in with any LDAP user that is allowed according to my ldap.toml file, the account is created in the Grafana database.
If i delete the account on Grafana, it’s created again after the next login.
After that, i configured SSO with an apache in front of Grafana and it’s working properly.
But while going though the SSO, the username is used my the local database to log on and not though the LDAP.
How to tell grafana to use the LDAP configured in the grafana.ini after passing though the SSO who modified the header and include the username needed for the ldap authentication ?
The SSO configured in apache use the GSSAPI AuthType and the configuration i made is working properly when the account is present on Grafana.
It’s mostly a question about the authentication workflow here because if the user is not present un Grafana, the Proxy auth reject the demand. But sometimes (and it’s really random) the user is created correctly with the ldap authentication though the proxy auth.
So how this kind of workflow is handle by Grafana ?